The good guys
Police agencies fighting cybercrime must find ways to collaborate across organizational charts and national boundaries
To prevent crime on the streets, you put more officers on the beat. To prevent cybercrime more effectively, you … well, what do you do? Without a beat for cyberofficers to patrol, law enforcement groups have initially responded in reactive mode, dealing with crimes that have already been committed.
Deterrence and future crime prevention are still largely addressed by setting examples. That means catching the perpetrators sooner, and levying stiff penalties to show that the law has teeth.
Unfortunately, some countries have only in the past few years enacted any laws against electronic crime. Some have laws, but no effective law enforcement agencies. And many countries (think sub-Saharan Africa, and Asia's more impoverished nations) simply have other priorities. In the world's more violent cities, catching criminals who rob and kill at gunpoint or knifepoint is a higher priority than protecting Western corporations from hackers and malware coders.
But there is some good news: The tide is turning, slowly. Here we profile three organizations that exemplify what can be done to combat the perpetrators of cybercrime. The bottom line: The most effective tool in the fight against cybercriminals isn't fancy equipment or bloated budgets, but cooperation.
London's Metropolitan Police: Computer crime unit forges cooperative links
It's fitting that one of the world's oldest police forces should also be home to one of the first law enforcement agencies dedicated to computer crime. London's Metropolitan Police—colloquially known as Scotland Yard—established its Computer Crime Unit in 1984. Since then, working cooperatively with both national and international allies, it has dispatched a continual stream of wrongdoers to jail to repent at Her Majesty's pleasure. Or if not repent, at least stay safely behind bars.
For example: 22-year-old Welsh Web designer Simon Vallor was sentenced in January 2003 to two years in prison for infecting 33,000 computers in 42 countries with the Gokar, Admirer and Redesi viruses. The United Kingdom "has strong international links, good laws, and effective police who are aggressive at enforcing those laws," says James Lewis, director of the Technology and Public Policy Program at the Washington, D.C.-based Center for Strategic & International Studies. True to form, Vallor's conviction under Britain's 1990 Computer Misuse Act was aided by one of those strong international links: a tip-off from the FBI.
Another wrongdoer, 18-year-old Exeter University student Joseph McElroy, was lucky to receive a 200-hour community service sentence this February for hacking into 17 computer systems at the U.S. Department of Energy's Fermi National Accelerator Laboratory. Once again, close cooperation between Department of Energy security officials and Computer Crime Unit police in Britain secured the conviction.
Based in an office block on Buckingham Gate, London (just a few hundred yards from Buckingham Palace), the unit is highly focused on specific categories of computer crime. Mostly, the cases referred to it involve hacking, virus writing and distributed denial-of-service attacks, says Detective Inspector Chris Simpson, who heads the force. "We arrest a network hacker once a fortnight," he says.
Nor are these "mild" network attacks: "If someone has considered it dangerous enough to report to us, it's usually pretty serious," Simpson adds, pointing to the unit's role in catching McElroy and Vallor. Simpson says that—as of August—the unit was managing 18 ongoing cases, plus providing forensic investigation support to other specialist crime units in 60 other cases, with high-end cases involving as much as 500 gigabytes of data.
Simpson explains that his unit is one of five computer-oriented groups within Scotland Yard's Specialist Operation Command and Specialist Crime Directorate; the others mainly supply forensic services to police investigating crimes involving vice, gaming, pedophilia and antiterrorism. "We're all part of the same overall team, and reinforce other units in times of high demand," says Simpson.
Even within its own national borders, the unit operates in an increasingly complex regulatory and organizational arena. For most crimes, the Metropolitan Police's jurisdiction normally extends only as far as London's borders; computer crime, however, is one of a small number of offenses where the Met's reach is national and occasionally international. A growing number of local forces around the United Kingdom, though, are developing their own computer crime capabilities, and the Computer Crime Unit cooperates both with these as well as with the United Kingdom's National Hi-Tech Crime Squad, created by the British government in April 2001 as an umbrella organization in the fight against electronic crime.
For international cooperation, as in the above-cited cases involving U.S. entities, Simpson's group relies on communication through all necessary means—including not only fax, phone and e-mail, but also videoconferencing. The key conduit for connecting with the United States is through the Legal Attaché office in the U.S. embassy in London.
Simpson notes that all the communication in the world wouldn't pay off without the necessary skills and dedication of his nine-strong team, many of whom have worked hard to gain qualifications in their own time and at their own expense. The government pays for technical coursework but not academic coursework. Yet Simpson's own degree in mathematics and computing, he adds, merely qualifies him as the tyro of the unit. "Most of the members of the unit either have a Master's degree in information technology security, or are completing one," he says. "In addition, nearly all are certified information systems security professionals, or are certified to CISSP instructor standard. We think we've probably got one of the highest technically qualified teams in Europe."
And the unit will need every ounce of that expertise to combat the efforts of a new generation of cybercriminals. Says Simpson: "We're increasingly seeing people who aren't looking at hacking as a leisure activity, or for the intellectual challenge it affords them, but are doing it because it provides them with an opportunity to make money. And to do so anonymously. But in that, they're mistaken. Every computer has an IP address, and leaves big clues about who has been using it, and for what." And as Simon Vallor and James McElroy found to their cost, those clues lead to convictions.
The Australian High Tech Crime Centre: A national strategy in action
Until July 2003, Australia's high-tech crime investigators battled wrongdoers with one hand tied behind their backs, says Ajoy Ghosh, a consultant and lecturer in cybercrime at the law faculty of Sydney's University of Technology. The problem—unlike in many countries—wasn't the lack of laws. As electronic crime had evolved, Australian lawmakers had regularly enacted or amended legislation to reflect lawbreakers' changing modi operandi. Laws spread across several separate pieces of legislation dating from 1988, 1989 and 1995 were eventually combined in 2001 into the Cybercrime Act, a landmark piece of legislation that took effect at the beginning of 2002, enshrined within Australia's Criminal Code Act of 1995.
Instead, the problem was that—through accidents of history—the enforcement of high-tech crime laws was spread piecemeal throughout various government departments and agencies. Fraud against corporations, for example, fell to the corporate crime agencies of federal and state police. Denial-of-service attacks, viruses and hacking were dealt with by the Australian Federal Police's Computer Crime Unit. Consumer fraud was dealt with by a department in charge of consumer affairs, while spam (criminalized in early 2003) was dealt with by the Australian Communications Authority.
The laws were good, but doubts remained over whether they were being enforced as effectively as they could be, explains Ghosh. Consultation among federal and state police commissioners and lawmakers finally resulted in the Electronic Crime Strategy of 2001, which identified high-tech crime as a priority for Australia's law enforcement agencies, and created a separate organization to spearhead the work.
That organization, the Australian High Tech Crime Centre, came into being in July 2003, hosted by the Australian Federal Police in Australia's capital, Canberra. While the original agencies still "own" their respective offenses and remain responsible for prosecuting wrongdoers, the creation of the new agency means that investigative power is pooled and used more efficiently. "For the first time, Australia has a coordinated ability to respond to cybercrime, in terms of people, dollars, resources and links with the security industry," says Ghosh.
At the launch of the new agency, South Australia Police Commissioner Mal Hyde, who chairs its board of management, aimed squarely at reducing turf wars over jurisdiction, as well as at creating nationwide consistency when dealing with high-tech crimes, training investigators, disseminating intelligence and fabricating policy. "It will significantly improve our ability to monitor and respond to high-tech crime trends as they emerge," he said.
Some months later, in October 2003, the new agency scored its first arrest under the new legislation, taking into custody a 17-year-old Brisbane youth for hacking into the system of an Australian ISP, Pacific Internet. According to the Australian High Tech Crime Centre, just 24 hours had elapsed between being notified by Pacific Internet that a breach had occurred and making the arrest in Brisbane.
The European Electronic Crimes Task Force: Information-sharing across borders
Fighting cybercrime on a pan-European basis is quite a challenge, even without the criminals to contend with. Europe may be a single continent, but its 25 member countries rarely act as one. Even where a pan-European approach exists, some countries deliberately retain particular powers from Brussels, while other activities and responsibilities remain largely national by intention.
And in the absence of a single European police force, Europe's fighters against cybercrime have to wage their war from within their national police forces. There's cooperation, of course, but not yet full communication. For example, when Microsoft received some information that it realized could lead to the author of the Sasser virus, the FBI and CIA had to liaise with police in Northern Germany to apprehend an 18-year-old high school student known as Sven J in April 2004.
Enter the European Electronic Crimes Task Force (EECTF), a bold attempt to circumvent national strictures and put cybercrime investigators directly in touch with their international counterparts. The EECTF is, according to its Security Adviser Dario Forte, "a union of European law enforcement and academic forensic practitioners." Forte, a Milan-based former Italian police investigator who worked in the narcotics and organized crime sectors, is president of the European chapter of the Hi-Tech Crime Investigators' Association, and teaches classes on security and forensics on both sides of the Atlantic. In addition to currently teaching digital forensics at the University of Milan at Crema, Forte also recently served as an intrusion instructor for the U.S. Department of Homeland Security's Internet forensics training program.
The task force is not an association or formal law enforcement organization, stresses Forte. Instead, it's an online "trusted community" (or listserv), where duly accredited people from European law enforcement agencies, military forces and academic institutions can come together to pool knowledge and discuss cybercrime threats. Inside a secure portal, members can browse the library, locate contacts, chat, and contribute opinions and information on a series of topics stretching from hacking to network forensics.
Individuals from private industry can join too, as long as they are sponsored by an existing member. Disseminating commercial information is barred, as is discussing classified information. Riding herd on the group is a special agent of the U.S. Secret Service's Milan office; the Secret Service supports the task force, explains Forte, and helps to provide a communication conduit for members to discuss sensitive or confidential information that's barred from online transmission.
The intention, he says, is that the task force should focus on helping its members do their jobs better, without getting tangled up in national, or even pan-European, bureaucracies. In theory, members could all board an aircraft and meet physically. Instead, in the spirit of the electronic age, they log in for virtual discussions from the convenience of their desktops. "Our members are very technically skilled. We don't talk about policy matters; we talk about technical news and real threats," he says. "We're a nongovernment initiative, and nor do we want to provide a substitute for any European Union initiatives."